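'use strict'

/**
 * Module dependencies.
 */

var express = require('../../lib/express');

var app = express();

// Example requests:
//     curl http://localhost:3000/user/0
//     curl http://localhost:3000/user/0/edit
//     curl http://localhost:3000/user/1
//     curl http://localhost:3000/user/1/edit (unauthorized since this is not you)
//     curl -X DELETE http://localhost:3000/user/0 (unauthorized since you are not an admin)

// Placeholder users. The array index of each entry equals its `id`, which is
// what `loadUser` relies on below.
var users = [
  { id: 0, name: 'tj', email: 'tj@vision-media.ca', role: 'member' }
  , { id: 1, name: 'ciaran', email: 'ciaranj@gmail.com', role: 'member' }
  , { id: 2, name: 'aaron', email: 'aaron.heckmann+github@gmail.com', role: 'admin' }
];

/**
 * Build the error handed to `next()` when the authenticated user is not
 * allowed to perform the request.
 *
 * Express' default error handler honours `err.status`, so the client gets a
 * 403 instead of a generic 500 that would look like a server fault. 403 (not
 * 401) because the requester *is* authenticated, just not permitted.
 *
 * @returns {Error} error carrying `status = 403`
 */
function forbidden() {
  var err = new Error('Unauthorized');
  err.status = 403;
  return err;
}

/**
 * Route middleware: resolve `:id` to a user and expose it as `req.user`.
 *
 * Calls `next()` on success, or `next(err)` with `err.status = 404` when no
 * such user exists.
 *
 * @param {import('express').Request} req - `req.params.id` is the requested user id
 * @param {import('express').Response} res
 * @param {Function} next
 */
function loadUser(req, res, next) {
  // You would fetch your user from the db.
  //
  // `req.params.id` is request-controlled text, so it must not be used as a
  // raw array key: `users['length']` or `users['constructor']` are truthy
  // values that are not users. Only a canonical decimal index ('0', '1', ...)
  // is accepted; anything else resolves to no user.
  var id = Number(req.params.id);
  var user = String(id) === req.params.id ? users[id] : undefined;
  if (user) {
    req.user = user;
    next();
  } else {
    var err = new Error('Failed to load user ' + req.params.id);
    err.status = 404;
    next(err);
  }
}

/**
 * Route middleware: allow the request only when the authenticated user is the
 * user loaded by `loadUser` (i.e. you may only act on yourself).
 *
 * Must run after `loadUser` and after the authentication middleware, since it
 * reads both `req.user` and `req.authenticatedUser`.
 */
function andRestrictToSelf(req, res, next) {
  // If our authenticated user is the user we are viewing
  // then everything is fine :)
  if (req.authenticatedUser.id === req.user.id) {
    next();
  } else {
    // You may want to implement specific exceptions
    // such as UnauthorizedError or similar so that these
    // can be special-cased in an error handler
    // (view ./examples/pages for this)
    next(forbidden());
  }
}

/**
 * Build route middleware that allows the request only when the authenticated
 * user has exactly the given role.
 *
 * @param {string} role - role the authenticated user must hold (e.g. 'admin')
 * @returns {Function} Express middleware `(req, res, next)`
 */
function andRestrictTo(role) {
  return function(req, res, next) {
    if (req.authenticatedUser.role === role) {
      next();
    } else {
      next(forbidden());
    }
  }
}

// Middleware for faux authentication
// you would of course implement something real,
// but this illustrates how an authenticated user
// may interact with middleware

app.use(function(req, res, next){
  req.authenticatedUser = users[0];
  next();
});

app.get('/', function(req, res){
  res.redirect('/user/0');
});

app.get('/user/:id', loadUser, function(req, res){
  res.send('Viewing user ' + req.user.name);
});

// Editing requires the viewer to be the loaded user.
app.get('/user/:id/edit', loadUser, andRestrictToSelf, function(req, res){
  res.send('Editing user ' + req.user.name);
});

// Deleting requires the 'admin' role; the faux-authenticated user is a member.
app.delete('/user/:id', loadUser, andRestrictTo('admin'), function(req, res){
  res.send('Deleted user ' + req.user.name);
});

/* istanbul ignore next */
if (!module.parent) {
  app.listen(3000);
  console.log('Express started on port 3000');
}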
